* Question about updating audit.rules [not found] ` <CAJdJdQ=NayH8o4LxXgyL8k4VQ_aPYKC82hB987wEmU4TbF22+A@mail.gmail.com> @ 2016-06-22 23:56 ` warron.french 2016-06-23 3:16 ` Steve Grubb 0 siblings, 1 reply; 3+ messages in thread From: warron.french @ 2016-06-22 23:56 UTC (permalink / raw) To: linux-audit [-- Attachment #1.1: Type: text/plain, Size: 389 bytes --] I am writing puppet modules for work now. I am writing a module specifically oriented around audit for Linux and Solaris. But I would like to know is after updating audit.rules in Linux with immutable mode turned on; is a restart of the audit process actually required for the rules to take effect. I believe it always is, but I want to be certain. Thanks, \\Warron French from mobile [-- Attachment #1.2: Type: text/html, Size: 456 bytes --] [-- Attachment #2: Type: text/plain, Size: 0 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Question about updating audit.rules 2016-06-22 23:56 ` Question about updating audit.rules warron.french @ 2016-06-23 3:16 ` Steve Grubb 2016-06-23 12:49 ` Warron S French 0 siblings, 1 reply; 3+ messages in thread From: Steve Grubb @ 2016-06-23 3:16 UTC (permalink / raw) To: linux-audit On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote: > I am writing puppet modules for work now. I am writing a module > specifically oriented around audit for Linux and Solaris. > > But I would like to know is after updating audit.rules in Linux with > immutable mode turned on; is a restart of the audit process actually > required for the rules to take effect. In immutable mode, a REBOOT is required to reload audit rules. In immutable mode, the rules are locked into the kernel. So, the kernel needs restarting. -Steve ^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: Question about updating audit.rules 2016-06-23 3:16 ` Steve Grubb @ 2016-06-23 12:49 ` Warron S French 0 siblings, 0 replies; 3+ messages in thread From: Warron S French @ 2016-06-23 12:49 UTC (permalink / raw) To: Steve Grubb, linux-audit@redhat.com Thanks Steve, that's what I thought. I just wanted to unclutter my memory and get it clear in my understanding. I am moving on to another job, so I have decided to attempt to set up a more personal email (driven) account with the Linux Audit Mailing List. I hope to engage the List from that newly associated account in the near future. Thanks, Warron French, MBA, SCSA -----Original Message----- From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Steve Grubb Sent: Wednesday, June 22, 2016 11:17 PM To: linux-audit@redhat.com Subject: Re: Question about updating audit.rules On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote: > I am writing puppet modules for work now. I am writing a module > specifically oriented around audit for Linux and Solaris. > > But I would like to know is after updating audit.rules in Linux with > immutable mode turned on; is a restart of the audit process actually > required for the rules to take effect. In immutable mode, a REBOOT is required to reload audit rules. In immutable mode, the rules are locked into the kernel. So, the kernel needs restarting. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-23 12:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAJdJdQ=3p+ukfg6MguaBNiG69jq9fp3bK-VGEZ=Xbij=yKBpBg@mail.gmail.com>
[not found] ` <CAJdJdQkTHC=kz50Bww6beZy7_a6wzywDp3s3zkqHuV-FKao3rA@mail.gmail.com>
[not found] ` <CAJdJdQk_GAqyF1s0sB51TzkB7xypPSh-uKS-S2LcfmpxGwEhvg@mail.gmail.com>
[not found] ` <CAJdJdQ=RqBoHtiHdH4sKaWWzyq=c66qvaGuA3+tC1uGzuQ=mTg@mail.gmail.com>
[not found] ` <CAJdJdQ=NayH8o4LxXgyL8k4VQ_aPYKC82hB987wEmU4TbF22+A@mail.gmail.com>
2016-06-22 23:56 ` Question about updating audit.rules warron.french
2016-06-23 3:16 ` Steve Grubb
2016-06-23 12:49 ` Warron S French
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.